Incident commander

An incident commander is accountable for resolving an incident from beginning to end. They also lead throughout the incident, directing colleagues to conduct mitigation and retrospective activities.

What is an incident commander?

Incident commanders hold responsibility throughout the entire incident and sometimes over the incident response process itself. In contrast, an incident manager only focuses on mitigation of a particular incident.

Incident commanders either volunteer for this role or get appointed to it (some organizations even hire one or more full-time incident commanders). Depending on your organization’s process, they could be a domain expert or a general project/process manager. It’s typically an additional responsibility that high-performers take on to increase their exposure to stakeholders — often with the hopes of going into leadership.

Why is an incident commander important?

The incident commander is the main point of contact throughout the incident, providing the most reliable, up-to-date information. They oversee the entire situation by tracking attempted and pending actions and coordinating each step of the resolution process.

In the absence of an incident commander, communication and collaboration suffer. Teams might unknowingly perform redundant tasks, overlook broader issues, and fail to communicate effectively with internal stakeholders like system users and executives. As an organization's technology or team structures become more intricate, the incident commander's role becomes increasingly vital for maintaining a robust incident management process.

The primary duties of an incident commander

An incident commander usually takes charge of the following responsibilities:

Get the right people in the room together 

It often takes several people across teams to resolve an incident. The incident commander assembles the right people in a timely manner, then promotes constructive, solution-oriented discussions amongst these diverse teams.

Remove any roadblocks to mitigation

Incident commanders should assign tasks to their team members and recognize when to bring in more developers, communicators, and other specialists.

As the engineers delve into the root cause of the problem, the incident commander also needs to focus on the overall situation. They should consider what the team has already attempted, which fixes succeeded in past incidents, and the best alternative to take if the current plan fails.

The incident commander manages this problem-solving by asking pertinent questions, consolidating updates from all involved team members, and prioritizing subsequent actions.

Keep the team calm

Incidents often cause immense stress, leading to poor decision-making. The incident commander must maintain a composed team atmosphere to prevent the team from panicking.

The incident commander should calm the team when necessary, identify and remove overly stressed individuals from the process, and continually refocus the team’s attention on the current task. Additionally, they should alleviate extra stress by addressing inquiries and concerns coming from internal and external stakeholders.

Organize communication with stakeholders

The incident commander must also execute a communication plan. This plan determines who receives specific alerts and when to involve other teams or departments. It should specify the appropriate channels for team members to use, the person in charge of each channel, and how often they should share information. For example, “During SEV1 incidents, we will assign a communications lead who will update the internal and external status page every 30 minutes.” 

Minimize risk across the company

Incident commanders must also foster incident preparedness, even when an incident isn’t actively occurring. They do so by establishing reliable incident procedures ahead of the next incident. These procedures include:

• Establishing communication pathways

• Developing an incident response strategy

• Educating team members on the response process

• Evaluating and improving incident response processes

Make decisions in real-time

Incident commanders must rapidly evaluate situations throughout the resolution procedure, then make final calls on which next steps to take and who to involve. They must excel at listening to many different viewpoints and triaging suggestions.

Support incident resolution tasks

After the incident resolution, the commander conducts documentation, post-incident reviews, and process improvement projects.

They also lead a retrospective meeting, where the incident response team shares their opinions and offers suggestions on preventing/lessening the impact of similar incidents in the future.